Do you have a Wyze Cam? 

If you're not sure what that is, it's an internet camera that offers a low-cost solution to those who are interested in playing around with video and not willing to spend a ton of money on it.

Unfortunately, in this instance it's a budget option with a bite and a significant drawback.  The camera has a bug in its firmware which allows for unauthenticated remote access to videos and images stored on the camera's local memory cards.

Even worse, although this bug has never been assigned a security vulnerability (CVEID) identity number, it has been a known issue for more than three years.  Any remote user listening on port 80 can access the contents of the SD card in the camera.


Unauthenticated access is a known bug

The issue is that upon inserting an SD card into the Wyze Cam, the camera automatically creates a symlink to it in the www directory which is served by the Wyze Cam webserver without any access restrictions whatsoever.

So basically, if you have one of these be very careful about what images and videos you store on it because literally anyone who wants to can snoop around your camera and see what you've been taking videos and pictures of.

Worst of all is that most of the people who use this type of equipment tend to use a "set and forget" philosophy, so you may have purchased one of these months or even years ago and not given the matter another thought.

If that's the case, it pays to do some housekeeping.  Review the contents of the SD card and possibly disconnect the camera. If that fails, relocate it and only turn it on when you're sure you want to record something.


My perspective

This is going to continue to be a problem with most of the equipment on the "Internet of Things" until we hold manufacturers to account.  Not only should this not be an issue at all, but it also shouldn't have lingered for so long without being attended to.  That's unfortunate.


There IS NO resistance to being futile!


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak to your association